Highest Voted 'wireshark' Questions - Server Fault Stack Exchange

1

vote

1 answer

Wireshark does not capture second IP address traffic

I have interface with ip address: 192.168.1.3. I'm adding a second ip address: 192.168.1.4 to that interface using: ip address add Then from other computer (192.168.1.10), I ping those address & both responded correctly. I want to capture traffic…

linux wireshark

asked Mar 11 '15 at 09:36

manus

25
3

1

vote

2 answers

In WireShark, how can I filter results so that it shows only a single line per source?

I'm using WireShark to find any systems pointed to an old system we're decommissioning and rather than showing the same IP 1,000 times I'd like to use a filter that will only show each IP source once. Can somebody tell me how I can go about doing…

wireshark

asked Mar 02 '15 at 11:45

Windows Ninja

2,586
19
46
70

1

vote

1 answer

server is not responding on SYN packets

On the attached tcp dump, the first two SYN packets (#21800 and 21801) came to the server, however SYN ACK was sent for the second SYN. Is that correct behaviour? My understanding is that the client is trying to establish two TCP connections from…

tcp tcpip wireshark tcpdump packet-capture

asked Feb 17 '15 at 09:05

sidorvm

11
2

1

vote

1 answer

Selecting a TCP stream with most bytes transferred in Wireshark

I have captured traffic in Wireshark and I want to follow the TCP stream with most bytes transferred in the traffic. After opening Statistics > Conversations and sorting by Bytes column I filter the traffic by the two hosts that have most traffic…

networking wireshark

asked Feb 17 '15 at 08:14

Simo Kivistö

188
1
2
11

1

vote

1 answer

Dumpcap on remote linux interface

I want to capture packets on a remote linux interface using dumpcap. I have observed that there is a command - dumpcap -i rpcap:/// and dumpcap -i TCP@: But when trying to execute the later command the terminal says that…

linux wireshark

asked Jan 22 '15 at 17:59

BAdhi

111
6

1

vote

1 answer

Why do I see so many ssh packets in only a couple seconds?

I am learning how to use tshark so I can better understand networking. As a user the protocol I most often use day to day is SSH. So I thought I'd start a capture filter on ssh packets on my server and see what happens. I ran the following…

networking wireshark tshark

asked Nov 20 '14 at 20:06

almel

113
3

1

vote

0 answers

FTP Connection Suddenly hanging on 'waiting for welcome message'

We've had our FTP server (Proftpd) running on Ubuntu Server 12.04 for over 12 months now with no connection issues. In the last few days there have been issues with slow connections to the server, with clients reporting their FTP client, Filezilla,…

ubuntu wireshark ftp

asked Oct 02 '14 at 23:37

Jake Jackson

136
4

1

vote

2 answers

Wireshark seems to ignore my filters

I'm trying to make use of Wireshark 1.10.6 for Windows and I want to only capture the traffic to port 443 (to diagnose some weird HTTPS problems I'm having). So I open Capture -> Capture Filters... and in there I delete all filters and then add one…

wireshark packet-capture

asked Apr 07 '14 at 08:15

sharptooth

2,739
4
32
40

1

vote

2 answers

Can I capture ISP SNMP information with Wireshark?

I am trying to do some heavy digging into SNMP, BPI+, ISP networks. Since wireshark can be used to capture network data, would I be able to use it to remotely capture my ISP SNMP agent information and view information being sent through it? Would…

networking snmp internet wireshark packet-capture

asked Mar 09 '14 at 01:08

user1632018

113
4

1

vote

0 answers

NFSv3 Asynchronous Write Depends on Block Size?

I am trying to figure out if my NFSv3 deployment is performing SAFE asynchronous writes. I suspect that it is doing strictly synchronous writes, as I am getting poor performance in general. I used Wireshark to look at the 'stable' flag in write…

ubuntu networking nfs wireshark

asked Nov 05 '13 at 00:50

Joe Swanson

63
1
6

1

vote

1 answer

"tshark: There are no interfaces on which a capture can be done" in Amazon Linux AMI

My goal is to capture packets with tshark in Amazon Linux AMI. While typing tshark in the command line there's an error: "tshark: There are no interfaces on which a capture can be done" How to implement the solution from Wireshark setup Linux for…

linux amazon-ec2 wireshark packet-capture tshark

asked Oct 29 '13 at 14:17

rok

159
8

1

vote

1 answer

Wireshark not found after installing RHEL 5.5

After installing Wireshark in RHEL 5.5 (32bit) with following command: yum install wireshark Wireshark not found: [root@localhost ~]# wireshark bash: wireshark: command not found What do I do?

networking installation rhel5 wireshark

asked Sep 11 '13 at 06:50

SuB

651
5
12

1

vote

2 answers

trace ftp file data in wireshark

I am trying to analyze ftp traffic in Wireshark. I can see commands like Request: List, PORT. But after FTP Response 150: Opening data channel for directory list. what I see immediately is Response 226: Transfer OK where is a list of files? Why I…

ftp tcp wireshark

asked Jul 07 '13 at 21:55

user107788

1

vote

2 answers

Source and Destination Packets on Wireshark Relative or Absolute?

New in Packet Analysis. Sniffing on the Ethernet device of my computer. Does the Source and Destination columns on Wireshark tell the source and destination from where the packet was originated and its final destination or do they tell about their…

ip ethernet wireshark packet-capture network-protocols

asked Jun 28 '13 at 18:24

Ventolinmono

131
1
5

1

vote

0 answers

UDP sends 6 additional packets in Wireshark

I am sending UDP packets using ttcp to another machine which is connected via a Cisco router. However, when I analyze the packets sent in Wireshark, there is a UDP packet sent before the payload packets are sent, and 5 packets sent after the…

wireshark udp

asked May 23 '13 at 11:42

Parzifal

165
1
1
8

Questions tagged [wireshark]